On Thu, Jun 13, 2013 at 05:07:38PM +0300, Mihai Maruseac wrote:
> On Thu, Jun 13, 2013 at 5:02 PM, Tobias Dammers <tdamm...@gmail.com> wrote:
> > On Thu, Jun 13, 2013 at 09:44:03AM -0400, Andrew Pennebaker wrote:
> >> Could we add an HTML form for creating new Hackage accounts? Right now, our
> >> community is small enough that emailing r...@soi.city.ac.uk and waiting for
> >> a manual response isn't too bad of a problem, but as we grow, it would be
> >> nice for these sorts of things to be handled by a server, like with
> >> RubyGems and NPM.
> >
> > IMHO, a more pressing issue is SSL uploads and package signing. As it
> > stands, anyone with a Hackage account can upload a new version of any
> > given package, and some wire-sniffing is enough to reveal a legit user's
> > password.
>
> I'd try to solve the latest two things first before going into
> creating a specific form.
>
> On the other hand, maybe we can rig something up with Yesod or similar
> to solve all three points at the same time. I'm busy now with my
> master's dissertation but I can attempt something in a month if it seems
> ok and no one else does it before that date.

IIRC, there have been previous attempts, or at least a discussion. I
can't remember what the result was, though.

Either way, it'll take more than just a Yesod web application built over
a weekend; signed packages would require package authors to, well, sign,
so cabal would need features for that; you'd also have to extend it to
*check* those signatures, and give the user options to refuse or allow
unsigned packages.

SSL should be relatively simple though, mostly a matter of updating
cabal's configuration and installing a suitable certificate on the
hackage server.

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe